US10735181B2 - Performing vector comparison operations in fully homomorphic encryption - Google Patents
Performing vector comparison operations in fully homomorphic encryption Download PDFInfo
- Publication number
- US10735181B2 US10735181B2 US16/514,043 US201916514043A US10735181B2 US 10735181 B2 US10735181 B2 US 10735181B2 US 201916514043 A US201916514043 A US 201916514043A US 10735181 B2 US10735181 B2 US 10735181B2
- Authority
- US
- United States
- Prior art keywords
- vector
- query
- library
- homomorphic
- coefficients
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 239000013598 vector Substances 0.000 title claims abstract description 180
- 238000000034 method Methods 0.000 claims abstract description 60
- 238000012545 processing Methods 0.000 claims description 21
- 238000004590 computer program Methods 0.000 claims description 10
- 238000011156 evaluation Methods 0.000 claims description 10
- 238000004364 calculation method Methods 0.000 claims description 6
- 230000001815 facial effect Effects 0.000 claims description 6
- 230000006870 function Effects 0.000 description 39
- 238000003860 storage Methods 0.000 description 28
- 238000010586 diagram Methods 0.000 description 10
- 238000013459 approach Methods 0.000 description 9
- 230000000873 masking effect Effects 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 5
- 238000007726 management method Methods 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000008520 organization Effects 0.000 description 4
- 238000003491 array Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 3
- 230000006872 improvement Effects 0.000 description 3
- 230000006855 networking Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012856 packing Methods 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000001902 propagating effect Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 238000012384 transportation and delivery Methods 0.000 description 2
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 229920002522 Wood fibre Polymers 0.000 description 1
- 230000003466 anti-cipated effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000009172 bursting Effects 0.000 description 1
- 239000011111 cardboard Substances 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 229910052802 copper Inorganic materials 0.000 description 1
- 239000010949 copper Substances 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000012517 data analytics Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 208000016339 iris pattern Diseases 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000012946 outsourcing Methods 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 239000011087 paperboard Substances 0.000 description 1
- 238000013439 planning Methods 0.000 description 1
- 229920001690 polydopamine Polymers 0.000 description 1
- 238000011176 pooling Methods 0.000 description 1
- 230000010076 replication Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000013468 resource allocation Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
- 239000002025 wood fiber Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/16—Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3093—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving Lattices or polynomial equations, e.g. NTRU scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/04—Masking or blinding
Definitions
- the present disclosure relates to fully homomorphic encryption (FHE) and in particular to methods and systems of performing FHE so that vector comparison operations can be performed efficiently.
- FHE fully homomorphic encryption
- FHE is a family of encryption schemes that enables computation directly on the encrypted data. This has the advantage of outsourcing computation to an “honest-but-curious” party without having to trust them with your data as the data and intermediate results stay encrypted during computation.
- a computer automated method of performing a homomorphic operation on a data set by applying an encrypted operand begins by providing a data set containing a plurality ‘i’ of library vectors, each library vector comprising a plurality ‘j’ of coefficients.
- the method carries out a pivot operation on the data set of library vectors such that each set of common ‘j’ coefficients is stored in respective library ciphertexts.
- a query ciphertext is received containing in encrypted form at least one query vector, also each comprising said plurality of coefficients.
- a homomorphic pivot operation is carried out on the query ciphertext to separate each of its ‘j’ coefficients into respective pivoted query ciphertexts.
- the method carries out a homomorphic computation between the ciphertexts of the pivoted forms of the query and library vectors so as to compute an encrypted set of vector differences between the query vector and each of the library vectors. Finally the method transmits the encrypted set of vector differences as a result.
- This method organizes the data containing the ciphertexts in a way that exploits coarse grain parallelism of the underlying computer hardware on which the computations will be performed by pivoting the data to maximize use of multi-core, multi-thread computer processors and also to better pack the data within the data structures being used, which is especially beneficial for larger data sets.
- the homomorphic computation may comprise in certain embodiments, calculating in a homomorphic difference operation a difference parameter value representing a vector difference between the ‘jth’ coefficient of the query vector and the ‘jth’ coefficient of every library vector, repeating for each other value of ‘j’ so that ‘j’ vector difference parameter values are obtained, and homomorphically combining the difference parameter values to obtain said encrypted set of vector differences between the query vector and each of the library vectors.
- the difference parameter value may be the square of the vector difference.
- the method may also comprise further processing said encrypted set of vector differences by performing a homomorphic threshold calculation using a homomorphic polynomial evaluation.
- the library vectors may represent a physical entity, and the coefficients of the library vectors may represent attributes of the physical entity.
- the physical entity may be a person.
- the vectors are mapped to database records relating to people.
- the people may be natural or legal persons. Examples might be medical records, criminal records, banking records, company records or tax records.
- the attributes may be physical attributes, such as a biometric parameter.
- Example biometric parameters are facial form, fingerprint, iris pattern, voice and DNA.
- Physical attributes may also be associated with objects, such as documents (e.g. passports), banknotes or packaging (e.g. as an anti-counterfeiting measure), such as wood fiber patterns in paper or cardboard or embedded holograms.
- the claimed approach is based on the idea of pivoting the data to form a structure for encoding the vectors which enables more efficient comparison operations to be performed within a homomorphic encryption scheme. Specifically, it is possible to realize one or more of the following advantages with certain embodiments:
- a computer program stored on a computer readable medium and loadable into the internal memory of a server, comprising software code portions, when said program is run on a server, for performing the above-described method.
- a computer program product storing the computer program may also be provided.
- the method and associated computer program and computer program product may form part of a service provided in a cloud computing environment, for example based on a client-server model, where the server is a node hosted in the cloud and the clients are other nodes in the cloud with access to the server via a network connection.
- FIG. 1 shows a cloud computing node used in a first embodiment of a system according to the disclosure
- FIG. 2 shows an embodiment of a cloud computing environment (also called the “first embodiment system”) according to the disclosure
- FIG. 3 shows abstraction model layers used in the first embodiment system
- FIG. 4 shows a data set vector according to a background example.
- FIG. 5 is a flowchart showing a method according to the background example.
- FIG. 6 shows a pivoted structure of a vector Pi according to embodiments of the disclosure.
- FIGS. 7A and 7B show aspects of homomorphic pivoting according to embodiments of the disclosure in which in FIG. 7A a masking operation is applied to pick out a coefficient in one of the slots, and in FIG. 7B a pivoted result is obtained by applying the masking operation to each slot and a replicate function to the coefficient value in each of the slots.
- FIG. 8 is a flowchart showing a first embodiment method performed, at least in part, by the first embodiment system.
- the disclosure may be implemented in a system, a method, and/or a computer program product.
- the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to perform methods embodying the disclosure.
- the computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device.
- the computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
- a non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing.
- RAM random access memory
- ROM read-only memory
- EPROM or Flash memory erasable programmable read-only memory
- SRAM static random access memory
- CD-ROM compact disc read-only memory
- DVD digital versatile disk
- memory stick a floppy disk
- a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon
- a computer readable storage medium is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
- Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.
- the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers.
- a network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
- Computer readable program instructions for carrying out operations of the disclosure may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the “C” programming language or similar programming languages.
- the computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
- the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
- electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the disclosure.
- These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
- the computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operations to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
- each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s).
- the functions noted in the block may occur out of the order noted in the FIG.s.
- two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
- Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service.
- This cloud model may include at least five characteristics, at least three service models, and at least four deployment models.
- On-demand self-service a cloud consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with the service's provider.
- Resource pooling the provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to demand. There is a sense of location independence in that the consumer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter).
- Rapid elasticity capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
- Measured service cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.
- level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts).
- SaaS Software as a Service: the capability provided to the consumer is to use the provider's applications running on a cloud infrastructure.
- the applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email).
- a web browser e.g., web-based email.
- the consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
- PaaS Platform as a Service
- the consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
- IaaS Infrastructure as a Service
- the consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
- Private cloud the cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on-premises or off-premises.
- Public cloud the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
- Hybrid cloud the cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
- a cloud computing environment is service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability.
- An infrastructure comprising a network of interconnected nodes.
- Cloud computing node 10 is only one example of a suitable cloud computing node and is not intended to suggest any limitation as to the scope of use or functionality of embodiments of the disclosure described herein. Regardless, cloud computing node 10 is capable of being implemented and/or performing any of the functionality set forth hereinabove.
- cloud computing node 10 there is a computer system/server 12 , which is operational with numerous other general purpose or special purpose computing system environments or configurations.
- Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with computer system/server 12 include, but are not limited to, personal computer systems, server computer systems, thin clients, thick clients, handheld or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems or devices, and the like.
- Computer system/server 12 may be described in the general context of computer system executable instructions, such as program modules, being executed by a computer system.
- program modules may include routines, programs, objects, components, logic, data structures, and so on that perform particular tasks or implement particular abstract data types.
- Computer system/server 12 may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network.
- program modules may be located in both local and remote computer system storage media including memory storage devices.
- computer system/server 12 in cloud computing node 10 is shown in the form of a general-purpose computing device.
- the components of computer system/server 12 may include, but are not limited to, processing units 16 , a system memory 28 , and a bus 18 that couples various system components including system memory 28 to processing units 16 .
- Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures.
- bus architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
- Computer system/server 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer system/server 12 , and it includes both volatile and non-volatile media, removable and non-removable media.
- System memory 28 can include computer system readable media in the form of volatile memory, such as random access memory (RAM) 30 and/or cache memory 32 .
- Computer system/server 12 may further include other removable/non-removable, volatile/non-volatile computer system storage media.
- storage system 34 can be provided for reading from and writing to a non-removable, non-volatile magnetic media (not shown and typically called a “hard drive”).
- a magnetic disk drive for reading from and writing to a removable, non-volatile magnetic disk (e.g., a “floppy disk”).
- an optical disk drive for reading from or writing to a removable, non-volatile optical disk such as a CD-ROM, DVD-ROM or other optical media can be provided.
- system memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the disclosure.
- Program/utility 40 having set of program modules 42 , may be stored in system memory 28 by way of example, and not limitation, as well as an operating system, one or more application programs, other program modules, and program data. Each of the operating system, one or more application programs, other program modules, and program data or some combination thereof, may include an implementation of a networking environment.
- Set of program modules 42 generally carry out the functions and/or methodologies of embodiments of the disclosure as described herein.
- Computer system/server 12 may also communicate with one or more external devices 14 such as a keyboard, a pointing device, a display 24 , etc.; one or more devices that enable a user to interact with computer system/server 12 ; and/or any devices (e.g., network card, modem, etc.) that enable computer system/server 12 to communicate with one or more other computing devices. Such communication can occur via Input/Output (I/O) interfaces 22 . Still yet, computer system/server 12 can communicate with one or more networks such as a local area network (LAN), a general wide area network (WAN), and/or a public network (e.g., the Internet) via network adapter 20 .
- LAN local area network
- WAN wide area network
- public network e.g., the Internet
- network adapter 20 communicates with the other components of computer system/server 12 via bus 18 .
- bus 18 It should be understood that although not shown, other hardware and/or software components could be used in conjunction with computer system/server 12 . Examples include, but are not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data archival storage systems, etc.
- cloud computing environment 50 comprises one or more cloud computing nodes (e.g., cloud computing node 10 ) with which local computing devices used by cloud consumers, such as, for example, personal digital assistant (PDA) or cellular telephone 54 A, desktop computer 54 B, laptop computer 54 C, and/or automobile computer system 54 N may communicate.
- Cloud computing nodes may communicate with one another. They may be grouped (not shown) physically or virtually, in one or more networks, such as Private, Community, Public, or Hybrid clouds as described hereinabove, or a combination thereof.
- cloud computing environment 50 to offer infrastructure, platforms and/or software as services for which a cloud consumer does not need to maintain resources on a local computing device. It is understood that the types of computing devices 54 A-N shown in FIG. 2 are intended to be illustrative only and that cloud computing node 10 and cloud computing environment 50 can communicate with any type of computerized device over any type of network and/or network addressable connection (e.g., using a web browser).
- FIG. 3 a set of functional abstraction layers provided by cloud computing environment 50 ( FIG. 2 ) is shown. It should be understood in advance that the components, layers, and functions shown in FIG. 3 are intended to be illustrative only and embodiments of the disclosure are not limited thereto. As depicted, the following layers and corresponding functions are provided:
- Hardware and software layer 60 includes hardware and software components.
- hardware components include mainframes; RISC (Reduced Instruction Set Computer) architecture based servers; storage devices; networks and networking components.
- software components include network application server software.
- Virtualization layer 62 provides an abstraction layer from which the following examples of virtual entities may be provided: virtual servers; virtual storage; virtual networks, including virtual private networks; virtual applications and operating systems; and virtual clients.
- management layer 64 may provide the functions described below.
- Resource provisioning provides dynamic procurement of computing resources and other resources that are utilized to perform tasks within the cloud computing environment.
- Metering and Pricing provide cost tracking as resources are utilized within the cloud computing environment, and billing or invoicing for consumption of these resources. In one example, these resources may comprise application software licenses.
- Security provides identity verification for cloud consumers and tasks, as well as protection for data and other resources.
- User portal provides access to the cloud computing environment for consumers and system administrators.
- Service level management provides cloud computing resource allocation and management such that required service levels are met.
- Service Level Agreement (SLA) planning and fulfillment provide pre-arrangement for, and procurement of, cloud computing resources for which a future requirement is anticipated in accordance with an SLA.
- SLA Service Level Agreement
- Workloads layer 66 provides examples of functionality for which the cloud computing environment may be utilized. Examples of workloads and functions which may be provided from this layer include: mapping and navigation; software development and lifecycle management; virtual classroom education delivery; data analytics processing; transaction processing; and functionality according to the disclosure (see function block 66 a ) as will be discussed in detail, below, in the following sub-sections of this Detailed description section.
- vector is used here and throughout this document to mean a mathematical object used to represent the data comprising a plurality of elements which we refer to as coefficients, each coefficient having a value representing an attribute of the data.
- HElib implements a variant of the Brakerski-Gentry-Vaikuntanathan (BGV) homomorphic encryption scheme with an adapted bootstrapping scheme and Smart-Vercauteren ciphertext packing techniques.
- BGV Brakerski-Gentry-Vaikuntanathan
- HElib is written in C++ and uses the NTL C++ mathematical library
- FHE computations are in general computationally expensive.
- powerful computers suitable for FHE computations typically have processor architectures that are multi-core and multi-thread.
- the optimal use of multi-core, multi-thread computers for FHE computations therefore requires that the computational tasks are configured to permit them to be efficiently subdivided to be run concurrently in different cores and threads.
- the main data type is the integer polynomial modulo a cyclotomic polynomial which gives an “array-like” data type, where the elements or slots of the “array” are given by the object's residues for packing data and performing single instruction, multiple data (SIMD) operations.
- SIMD single instruction, multiple data
- ciphertext is used here and throughout this document with its normal meaning, i.e. the result of encryption of another text, a plaintext.
- the term ciphertext with respect to FHE has the additional meaning of the data type described above encrypted by the BGV method, wherein the values in the plaintext will undergo FHE computation whilst encrypted.
- slot is used here and throughout this document to mean a dimension of an at least two-dimensional array-like data type given by the residues of an unencrypted ciphertext subject to FHE computations.
- the organization of the data amongst the slots of the ciphertexts is key for performing efficient comparisons in FHE.
- a threshold function will typically also need to be employed, e.g. return a value representing a match (i.e. a one) or a non-match (i.e. a zero), as in the case of matching feature vectors of images of human faces for facial recognition.
- the threshold function can be homomorphically implemented as a polynomial function that can be evaluated homomorphically supported in HElib. However, evaluating polynomial functions homomorphically is very computationally costly. It is therefore important to consider computational efficiency of both the comparison function and any thresholding function which may also be needed.
- the comparison is of Euclidean distance, but other vector comparison metrics can be used with the same approaches. What is important is that the metric used to compare one vector with another includes a slot-wise operation between ciphertexts.
- FIG. 4 illustrates one possible, perhaps straightforward, approach of orienting the data in a manner optimized for comparison operations.
- each vector is represented by a ciphertext where each slot is a coefficient of the vector.
- This approach is not part of the prior art. Nevertheless, we include it as a background example to help better understand the nature of the problem being addressed and as a counterpoint to the approach of the disclosure.
- a query vector S 1 with coefficients Sj of S 1 , S 2 , S 3 and S 4 is to be compared with each of ‘N’ vectors Pi (i.e. P 1 , P 2 , P 3 , P 4 . . . Pi . . . PN), which we call library vectors, where each library vector is encoded in its own ciphertext and the ‘ith’ library vector Pi has coefficients Pij, with ‘j’ being the coefficient order.
- Pi could for example be a vector relating to the face of an ‘ith’ person in a group of ‘N’ people, where the task is face recognition of a particular person among ‘N’ possibles or suspects on the basis of the query vector S 1 , where the task is carried out on the basis of ‘M’ facial attributes, stored in the coefficients ‘j’.
- the threshold calculation is applied to every Pi, i.e. ‘i’ times, where i is the current vector, so the threshold calculation is computationally expensive.
- the role of the threshold is to check for similarity in cases where matching will not be exact, but rather “fuzzy”, such as in facial recognition where two images of the same person will be expected to generate slightly different feature vectors, so it is not sensible to test for equality, because the Euclidean distance between the two vectors (person and suspect) will not be exactly zero.
- the function f(x) takes a ciphertext x and returns a ciphertext with values in slots of a one for a match and a zero for a non-match.
- FIG. 5 is a flowchart showing the above-described method for performing a threshold comparison according to the background example.
- Step S 61 a data set containing a plurality ‘i’ of library vectors Pi (i.e. P 1 . . . PN) is provided, each library vector Pi comprising a plurality ‘j’ of coefficients Pij, as well as a query vector S 1 also having the same ‘j’ coefficients, where ‘j’ runs from 1 to M.
- each library vector Pi comprising a plurality ‘j’ of coefficients Pij, as well as a query vector S 1 also having the same ‘j’ coefficients, where ‘j’ runs from 1 to M.
- Step S 63 the method calculates the difference between vectors Pi and S 1 , results in a vector which we call ‘delta_i’ for each i.
- Step S 65 the method computes the sum of all ‘j’ coefficients of the square of delta_i for a given ‘i’.
- Step S 66 the method performs a threshold operation on the sum of the coefficients of the square of delta_i for a given i to compare Pi and S 1 by polynomial evaluation resulting in a match vector ones for match or zeros for non-match for each i.
- FIG. 6 shows a pivoted structure of a library vector Pi according to embodiments of the disclosure, wherein each of the library vectors Pi has a plurality of vector coefficients ‘Pij’ may alternatively be called elements).
- Vector Pi (non-italic font in FIG. 6 ) is the vector for element ‘i’.
- each ‘i’ will be a person and each ‘j’ will be an attribute of a person's face.
- Vector coefficients of each vector are represented in FIG. 6 with an italic font, so that ‘Pi 1 ’ and ‘Pi 2 ’ are the first and second coefficients of the vector Pi.
- P 13 (italic) is the third coefficient of vector P 1 (non-italic)
- P 23 (italic) is the third coefficient of vector P 2 (non-italic).
- the data set of library vectors P 1 . . . PN is pivoted as shown in FIG. 6 .
- the number of ciphertexts is also the number of coefficients in a vector.
- the number of vector coefficients M is assumed to be much smaller than the number of slots in a ciphertext, since this will be the case in usual real-world scenarios.
- the data repository holding the library of vectors Pi may for example be a database.
- the data repository could for example be held on a server, which may be a physical server or a virtual server.
- the data repository may be a cloud computing node in a cloud computing environment.
- the handling of the query vector S 1 is now discussed. Since the data set of library vectors Pi has been pivoted, so too must the query vector S 1 . However, the query vector S 1 is encrypted in a ciphertext, so the pivot must be carried out homomorphically. In concrete terms, taking a client-server cloud computing example, the cloud computing node hosting the data Pi will receive the query vector S 1 in encrypted form and is tasked to carry out a computational task with the query vector S 1 as an operand without decrypting it according to an FHE scheme.
- FIGS. 7A and 7B shows these aspects of the proposed homomorphic pivoting in which ( FIG. 7A ) a masking operation is applied to pick out a coefficient in one of the slots, and ( FIG. 7B ) a pivoted result is obtained by applying the masking operation to each slot and a replicate function to the coefficient value in each of the slots.
- the masking separates out the query vector into its coefficient vectors as illustrated in FIG. 7B .
- To compute each vector we mask the jth coefficient out of the S 1 vector and replicate.
- Replication can be carried out using the HElib replicate function such as the function described in the “Algorithms in HElib” Shai Halevi and Victor Shoup, Cryptology ePrint Archive: Report 2014/106 https://eprint.iacr.org/2014/106.pdf.
- HElib replicate function such as the function described in the “Algorithms in HElib” Shai Halevi and Victor Shoup, Cryptology ePrint Archive: Report 2014/106 https://eprint.iacr.org/2014/106.pdf.
- other functions can be used.
- the incoming ciphertext to be homomorphically pivoted may include more than one query vector, e.g. S 1 , S 2 etc, and the whole multi-query vector ciphertext may be pivoted.
- This will save on transmission in a real-world scenario in which all the vectors of a user query are capable of being fitted into a single ciphertext, thereby avoiding having to transmit multiple ciphertexts, i.e. M ciphertexts.
- each ciphertext contains more than one query vector, then masking operations would be required to pull out each query vector prior to applying summation and thresholding to each query vector in its own ciphertext.
- the effect of the pivoting is to transform the block of ciphertexts representing a data set of N vectors into a form where each ciphertext holds the jth coefficient of every vector Pi.
- each ciphertext holds all ‘j’ coefficients of the ‘ith’ vector (i.e. all the vector coefficients ‘j’ for a given Pi).
- This is the difference that is shown by comparing FIG. 4 and FIG. 6 .
- This departs from the general standard approach in the prior art when vector algebra needs to be implemented in FHE, which is to map each vector into its own ciphertext. While this works well for some problems, it is not computationally efficient in the present case of calculating vector differences, where our proposed pivoting solution is superior.
- the summation step is the summation of the coefficients done by adding the squared delta ciphertexts together, which is a completely different ciphertext operation from the background example where the summation step is the summation of slots within each ciphertext, which is costly.
- Further computational efficiency is gained in the thresholding operation, since a consequence of the proposed summation step is that the threshold function only needs to be performed once, namely on the single ciphertext that represents all the summed square delta results for all ‘i’ of the candidate vectors Pi.
- the thresholding has to be performed on each squared delta ciphertext, i.e. for each candidate vector Pi, individually.
- Summation can be carried out using normal ciphertext addition.
- the thresholding may be performed homomorphically by polynomial evaluation.
- Functions can either be defined by polynomials or an approximation thereof (e.g. Taylor series). Therefore, if a function is needed, its shape is defined as desired, for example a threshold function may be a step function.
- the ‘x’ values in the slots need to be converted into ‘y’ values, which is the pivot.
- the x-to-y conversion defines the function. Curve fitting is performed to obtain a polynomial that is that function or an approximation of it. That function can then be applied to the values held in a ciphertext's slots simply by inputting the ciphertext into the polynomial.
- HElib provides suitable facilities for doing this.
- the threshold step may not be needed, but may require a different transform.
- FIG. 8 is a flowchart showing the above-described method for performing a threshold comparison according to this embodiment of the disclosure.
- Step S 80 a data set containing a plurality ‘i’ of library vectors Pi (i.e. P 1 . . . PN) is provided, each library vector Pi comprising a plurality ‘j’ of coefficients Pij, as well as a query vector S 1 also having the same ‘j’ coefficients, where ‘j’ runs from 1 to M.
- each library vector Pi comprising a plurality ‘j’ of coefficients Pij, as well as a query vector S 1 also having the same ‘j’ coefficients, where ‘j’ runs from 1 to M.
- Step S 81 the method pivots the library vectors P 1 to PN as a single set (see FIG. 6 ) and homomorphically pivots the query vector S 1 using a mask (see FIGS. 7A and 7B ).
- Step S 83 the method calculates in one homomorphic operation the difference, ‘delta’ between vector coefficients Pij and S 1 j for all ‘i’.
- Step S 84 the method calculates the square of delta, ‘delta ⁇ circumflex over ( ) ⁇ 2’.
- Step S 86 it is tested whether j has reached M. If j ⁇ >M then in Step S 88 there is an increment of ‘j’ and process flow jumps back to Step S 83 to compare the difference between vector coefficients Pij+1 and S 1 j+ 1 for all ‘i.’
- Step S 87 process flow continues to Step S 87 in which the method performs a single threshold operation by polynomial evaluation on the summed delta squared value, noting that the summed delta squared value is for all ‘i’ and ‘j’ and thus computes the thresholds between every library vector Pi and the query vector S 1 in a single operation.
- the method is then complete as indicated with the finish step S 88 .
- the background example approach calculates for each of the ‘i’ ciphertexts T (SUM(( c _ i ⁇ s 1) ⁇ circumflex over ( ) ⁇ 2)) where
- a fully homomorphic operation is performed on a data set by applying an encrypted operand supplied as a ciphertext.
- a data set containing ‘i’ library vectors, each with ‘j’ coefficients is subjected to a pivot operation such that each set of common ‘j’ coefficients is stored in respective library ciphertexts.
- a query ciphertext containing a query vector is then subjected to a homomorphic pivot operation to separate out its ‘j’ coefficients into respective pivoted query ciphertexts.
- a more efficient homomorphic computation can then be carried out between the ciphertexts of the pivoted forms of the query and library vectors so as to compute an encrypted set of vector differences between the query vector and each of the library vectors.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Mathematical Physics (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Mathematical Analysis (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Algebra (AREA)
- Data Mining & Analysis (AREA)
- Computational Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
-
- the pivoted data structure allows high parallelism for ease of distribution to multiple processing cores and threads;
- the pivoted data structure is easier to reason with, since programming of the method to distribute the computing tasks among multiple processing cores is straightforward based on the mapping of the ciphertexts that are obtained by the pivoting operations;
- the pivoted data structure is more space efficient in that a ciphertext block can keep inserting vectors without creating dead space; and
- significant improvement in computational efficiency is seen for realistic data sets.
ciphertext1×ciphertext2=ciphertext3
ciphertext3 contains the multiplied results of the slots in ciphertext1 and ciphertext2, multiplied elementwise.
d i=sqrt(Σj=1 to M{(P ij −S ij)2}).
where M is the number of coefficients per vector.
-
- 1. Set i=1
- 2. Calculate the difference in Euclidian distance between vectors Pi and S1, which we call ‘delta’
- 3. Calculate delta{circumflex over ( )}2
- 4. Sum the coefficients contained in each delta{circumflex over ( )}2 to obtain delta{circumflex over ( )}2 for Pi
- 5. Calculate threshold between Pi and S1 by polynomial evaluation
- 6. If i < > N then increment ‘i’ and jump back to 2 to compare the next vector Pi+1 with the query vector S1.
- 7. If i=N then finish.
-
- 1. Pivot vectors P1 to PN as a single set (see
FIG. 6 ) - 2. Homomorphically pivot S1 using a mask (see
FIGS. 7A and 7B ) - 3. Calculate a difference Pij−S1 j for each of the ciphertexts in the block, so that ‘j’ difference values ‘delta’ are obtained, wherein each difference computation obtains the difference for one of the ‘j’ coefficients for all ‘i’ library vectors.
- 4. Calculate delta{circumflex over ( )}2 for each of the ‘j’ difference values ‘delta’
- 5. Sum the delta{circumflex over ( )}2 values
- 6. Perform a single threshold calculation on the sum by polynomial evaluation
- 1. Pivot vectors P1 to PN as a single set (see
T(SUM((c_i−s1){circumflex over ( )}2))
where
-
- T is the polynomial threshold function
- SUM is the Sum function defined in “Algorithms in HElib”
- c_i is the ciphertext containing the ‘ith’ P vector, Pi, and
- s1 is the ciphertext containing suspect vector S
whereas the pivoted way delivers as an end result only one ciphertext through the equation
T(Σj=1 to M{(c_j−S_j){circumflex over ( )}2})
where - c_j is the ciphertext for coefficient ‘j’ for all ‘i’
- S_j is the ciphertext for coefficient ‘j’ for the suspect or query vector S (homomorphically pivoted as in
FIG. 7 ).
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/514,043 US10735181B2 (en) | 2017-11-03 | 2019-07-17 | Performing vector comparison operations in fully homomorphic encryption |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/802,879 US10728017B2 (en) | 2017-11-03 | 2017-11-03 | Performing vector comparison operations in fully homomorphic encryption |
US16/514,043 US10735181B2 (en) | 2017-11-03 | 2019-07-17 | Performing vector comparison operations in fully homomorphic encryption |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/802,879 Continuation US10728017B2 (en) | 2017-11-03 | 2017-11-03 | Performing vector comparison operations in fully homomorphic encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
US20200084017A1 US20200084017A1 (en) | 2020-03-12 |
US10735181B2 true US10735181B2 (en) | 2020-08-04 |
Family
ID=66179220
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/802,879 Expired - Fee Related US10728017B2 (en) | 2017-11-03 | 2017-11-03 | Performing vector comparison operations in fully homomorphic encryption |
US16/514,043 Expired - Fee Related US10735181B2 (en) | 2017-11-03 | 2019-07-17 | Performing vector comparison operations in fully homomorphic encryption |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/802,879 Expired - Fee Related US10728017B2 (en) | 2017-11-03 | 2017-11-03 | Performing vector comparison operations in fully homomorphic encryption |
Country Status (3)
Country | Link |
---|---|
US (2) | US10728017B2 (en) |
DE (1) | DE102018121757A1 (en) |
GB (1) | GB2569015A (en) |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10728017B2 (en) | 2017-11-03 | 2020-07-28 | International Business Machines Corporation | Performing vector comparison operations in fully homomorphic encryption |
US11032061B2 (en) * | 2018-04-27 | 2021-06-08 | Microsoft Technology Licensing, Llc | Enabling constant plaintext space in bootstrapping in fully homomorphic encryption |
US11693662B2 (en) * | 2018-05-04 | 2023-07-04 | Cornami Inc. | Method and apparatus for configuring a reduced instruction set computer processor architecture to execute a fully homomorphic encryption algorithm |
KR102040120B1 (en) * | 2018-07-27 | 2019-11-05 | 주식회사 크립토랩 | Apparatus for processing approximate encripted messages and methods thereof |
US11461551B1 (en) * | 2018-10-23 | 2022-10-04 | Private AI Inc. | Secure word search |
US11907952B2 (en) * | 2019-03-12 | 2024-02-20 | Cox Communications, Inc. | Secured analytics using encrypted data |
US11539517B2 (en) * | 2019-09-09 | 2022-12-27 | Cisco Technology, Inc. | Private association of customer information across subscribers |
US11275585B2 (en) * | 2019-09-12 | 2022-03-15 | Intuit Inc. | System and method for approximating branching operations for use with data encrypted by fully homomorphic encryption (FHE) |
US12099997B1 (en) | 2020-01-31 | 2024-09-24 | Steven Mark Hoffberg | Tokenized fungible liabilities |
US11546134B2 (en) | 2020-04-16 | 2023-01-03 | Samsung Electronics Co., Ltd. | Method and apparatus for processing ciphertext based on homomorphic encryption |
US11418319B2 (en) | 2020-04-30 | 2022-08-16 | International Business Machines Corporation | Ensure valid range of values of a vector for distance calculations using homomorphic encryption or functional encryption |
EP4149045A4 (en) * | 2020-06-15 | 2024-04-24 | Crypto Lab Inc. | Device and method for performing statistical calculation on homomorphic ciphertext |
US11502819B2 (en) * | 2021-01-21 | 2022-11-15 | Nxp B.V. | Efficient masked polynomial comparison |
US11630913B2 (en) | 2021-05-25 | 2023-04-18 | Via Science, Inc. | Encrypted text searching |
US11496288B1 (en) * | 2022-04-08 | 2022-11-08 | Verkada Inc. | Enhanced encryption for face-related data |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120039473A1 (en) | 2010-08-16 | 2012-02-16 | International Business Machines Corporation | Efficient Implementation Of Fully Homomorphic Encryption |
US8630409B2 (en) | 2011-04-05 | 2014-01-14 | International Business Machines Corporation | Two-party private estimation of dataset similarity |
US20140140514A1 (en) | 2009-11-10 | 2014-05-22 | International Business Machines Corporation | Fully Homomorphic Encryption Method Based On A Bootstrappable Encryption Scheme, Computer Program And Apparatus |
US9100185B2 (en) | 2012-12-27 | 2015-08-04 | Fujitsu Limited | Encryption processing apparatus and method |
EP2940921A1 (en) | 2014-05-02 | 2015-11-04 | Fujitsu Limited | Information processing technique for wildcard pattern matching |
US20150358153A1 (en) | 2011-04-29 | 2015-12-10 | International Business Machines Corporation | Fully Homomorphic Encryption |
US9313028B2 (en) | 2012-06-12 | 2016-04-12 | Kryptnostic | Method for fully homomorphic encryption using multivariate cryptography |
US20160119119A1 (en) | 2014-05-15 | 2016-04-28 | Xeror Corporation | Compact fuzzy private matching using a fully-homomorphic encryption scheme |
US20160156595A1 (en) | 2014-12-02 | 2016-06-02 | Microsoft Technology Licensing, Llc | Secure computer evaluation of decision trees |
US20170063525A1 (en) | 2015-08-25 | 2017-03-02 | International Business Machines Corporation | Comparison and search operations of encrypted data |
US9608817B2 (en) | 2012-02-17 | 2017-03-28 | International Business Machines Corporation | Homomorphic evaluation including key switching, modulus switching, and dynamic noise management |
US20170149557A1 (en) | 2015-11-25 | 2017-05-25 | International Business Machines Corporation | Performing efficient comparison operations on encrypted data |
US20180359078A1 (en) | 2017-06-12 | 2018-12-13 | Microsoft Technology Licensing, Llc | Homomorphic data analysis |
US20190121951A1 (en) | 2016-05-01 | 2019-04-25 | B.G. Negev Technologies And Applications Ltd., At Ben-Gurion University | A method for online signature verification using wrist-worn devices |
US20190140818A1 (en) | 2017-11-03 | 2019-05-09 | International Business Machines Corporation | Performing vector comparison operations in fully homomorphic encryption |
-
2017
- 2017-11-03 US US15/802,879 patent/US10728017B2/en not_active Expired - Fee Related
-
2018
- 2018-09-06 DE DE102018121757.9A patent/DE102018121757A1/en active Pending
- 2018-10-09 GB GB1816416.0A patent/GB2569015A/en not_active Withdrawn
-
2019
- 2019-07-17 US US16/514,043 patent/US10735181B2/en not_active Expired - Fee Related
Patent Citations (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140140514A1 (en) | 2009-11-10 | 2014-05-22 | International Business Machines Corporation | Fully Homomorphic Encryption Method Based On A Bootstrappable Encryption Scheme, Computer Program And Apparatus |
US8565435B2 (en) | 2010-08-16 | 2013-10-22 | International Business Machines Corporation | Efficient implementation of fully homomorphic encryption |
US20120039473A1 (en) | 2010-08-16 | 2012-02-16 | International Business Machines Corporation | Efficient Implementation Of Fully Homomorphic Encryption |
US8630409B2 (en) | 2011-04-05 | 2014-01-14 | International Business Machines Corporation | Two-party private estimation of dataset similarity |
US20150358153A1 (en) | 2011-04-29 | 2015-12-10 | International Business Machines Corporation | Fully Homomorphic Encryption |
US9716590B2 (en) | 2011-04-29 | 2017-07-25 | International Business Machines Corporation | Fully homomorphic encryption |
US9608817B2 (en) | 2012-02-17 | 2017-03-28 | International Business Machines Corporation | Homomorphic evaluation including key switching, modulus switching, and dynamic noise management |
US9313028B2 (en) | 2012-06-12 | 2016-04-12 | Kryptnostic | Method for fully homomorphic encryption using multivariate cryptography |
US9100185B2 (en) | 2012-12-27 | 2015-08-04 | Fujitsu Limited | Encryption processing apparatus and method |
US20150318991A1 (en) | 2014-05-02 | 2015-11-05 | Fujitsu Limited | Information processing technique for pattern matching |
EP2940921A1 (en) | 2014-05-02 | 2015-11-04 | Fujitsu Limited | Information processing technique for wildcard pattern matching |
US20160119119A1 (en) | 2014-05-15 | 2016-04-28 | Xeror Corporation | Compact fuzzy private matching using a fully-homomorphic encryption scheme |
US9749128B2 (en) | 2014-05-15 | 2017-08-29 | Xerox Corporation | Compact fuzzy private matching using a fully-homomorphic encryption scheme |
US20160156595A1 (en) | 2014-12-02 | 2016-06-02 | Microsoft Technology Licensing, Llc | Secure computer evaluation of decision trees |
US20170063525A1 (en) | 2015-08-25 | 2017-03-02 | International Business Machines Corporation | Comparison and search operations of encrypted data |
US20170149557A1 (en) | 2015-11-25 | 2017-05-25 | International Business Machines Corporation | Performing efficient comparison operations on encrypted data |
US20190121951A1 (en) | 2016-05-01 | 2019-04-25 | B.G. Negev Technologies And Applications Ltd., At Ben-Gurion University | A method for online signature verification using wrist-worn devices |
US20180359078A1 (en) | 2017-06-12 | 2018-12-13 | Microsoft Technology Licensing, Llc | Homomorphic data analysis |
US20190140818A1 (en) | 2017-11-03 | 2019-05-09 | International Business Machines Corporation | Performing vector comparison operations in fully homomorphic encryption |
Non-Patent Citations (16)
Title |
---|
Chatterjee et al., "Searching and Sorting of Fully Homomorphic Encrypted Data on Cloud," IACR Cryptology ePrint Archive, 2015, pp. 1-14, International Association for Cryptologic Research (IACR). |
Gentry, C., "A Fully Homomorphic Encryption Scheme," Dissertation in partial fulfillment of the requirements for the degree of Doctor of Philosophy, Sep. 2009, 209 pages. |
Gentry, C., "Fully Homomorphic Encryption Using Ideal Lattices," STOC '09: Proceedings of the forty-first annual ACM Symposium on Theory of Computing, 2009, pp. 169-178. |
Halevi et al., "Algorithms in HElib," IACR Cryptology ePrint Archive: Report 2014/106, 2014, 20 pages. https://eprint.iacr.org/2014/106.pdf. |
Halevi et al., "Bootstrapping for HElib," IACR Cryptology ePrint Archive: Report 2014/873, Jan. 30, 2015, 28 pages. https://eprint.iacr.org/2014/873.pdf. |
Halevi et al., "Design and Implementation of a Homomorphic-Encryption Library," Helib, Software Library, Apr. 11, 2013, 46 pages. https://people.csail.mit.edu/shaih/pubs/he-library.pdf. |
Halevi et al., "Design and Implementation of a Homomorphic-Encryption Library," Helib, Software Library, Nov. 30, 2012, 42 pages. http://researcher.ibm.com/researcher/files/us-shaih/he-library.pdf. |
International Search and Examination Report for Application No. GB1816416.0, dated Mar. 27, 2019, 8 pages. |
Kim et al., "An Eigenvalue-based Pivot Selection Strategy for Improving Search Efficiency in Metric Spaces," 2016 International Conference on Big Data and Smart Computing (BigComp), Hong Kong, Jan. 2016, pp. 207-214, IEEE. |
List of IBM Patents or Patent Applications Treated as Related, Signed Jul. 17, 2019, 2 pages. |
McGaw, Q., "Homomorphic binary circuits-hbc," project developed as Master final year project at Imperial College London, pp. 1-8, printed Nov. 2, 2017. http://qdm12.github.io/hbc/. |
McGaw, Q., "Homomorphic binary circuits—hbc," project developed as Master final year project at Imperial College London, pp. 1-8, printed Nov. 2, 2017. http://qdm12.github.io/hbc/. |
Mell et al., "The NIST Definition of Cloud Computing," Recommendations of the National Institute of Standards and Technology, Special Publication 800-145, Sep. 2011, 7 pages, National Institute of Standards and Technology, Gaithersburg, MD. |
Togan et al., "Comparison-Based Computations Over Fully Homomorphic Encrypted Data," In: 2014 10th International Conference on Communications (COMM), IEEE, 2014, pp. 1-6, DOI. |
Yasuda et al., "Practical Packing Method in Somewhat Homomorphic Encryption," In: Data Privacy Management and Autonomous Spontaneous Security, DPM 2013 and SETOP 2013, LNCS 8247, pp. 34-50, 2014, Springer-Verlag Berlin Heidelberg, DOI: 10.1007/978-3-642-54568-9_3. |
Ye et al., "Anonymous Biometric Access Control," EURASIP Journal on Information Security, vol. 2009, Article ID 865259, pp. 1-17, Hindawi Publishing Corporation, DOI: 10.1155/2009/865259. |
Also Published As
Publication number | Publication date |
---|---|
US20190140818A1 (en) | 2019-05-09 |
GB2569015A (en) | 2019-06-05 |
US20200084017A1 (en) | 2020-03-12 |
DE102018121757A1 (en) | 2019-05-09 |
US10728017B2 (en) | 2020-07-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10735181B2 (en) | Performing vector comparison operations in fully homomorphic encryption | |
US10761887B2 (en) | Allocating tasks in a computing environment | |
US11159620B2 (en) | Blockchain based data transformation | |
US20210334646A1 (en) | Robustness-aware quantization for neural networks against weight perturbations | |
US10521359B2 (en) | Secure distance computations | |
US20210174216A1 (en) | Signaling concept drift during knowledge base population | |
US10693628B2 (en) | Enabling distance-based operations on data encrypted using a homomorphic encryption scheme with inefficient decryption | |
US20200265069A1 (en) | Fast linking of anonymized datasets | |
US20220101175A1 (en) | Incremental and decentralized model pruning in federated machine learning | |
US10997004B2 (en) | Detecting co-resident services in a container cloud | |
WO2023103688A1 (en) | Federated machine learning based on partially secured spatio-temporal data | |
US11954611B2 (en) | Tensor comparison across a distributed machine learning environment | |
US20230085239A1 (en) | Querying fully homomorphic encryption encrypted databases using client-side preprocessing or post-processing | |
US20220374891A1 (en) | Transaction data processing | |
US20230021563A1 (en) | Federated data standardization using data privacy techniques | |
US11699082B2 (en) | Multi-dimensional record correlations | |
US12093838B2 (en) | Efficient execution of a decision tree | |
US20200314075A1 (en) | Increasing security of objects in cloud environments by using a two-part encryption scheme | |
US11709882B2 (en) | Image storage system for images with duplicate parts | |
US11823193B2 (en) | Secure transaction utilizing bone conductive characteristic | |
US12020048B2 (en) | Creating scripts from command line history | |
US11809454B2 (en) | Label-based document classification using artificial intelligence | |
US11501199B2 (en) | Probability index optimization for multi-shot simulation in quantum computing | |
US11593013B2 (en) | Management of data in a hybrid cloud for use in machine learning activities | |
US20230289526A1 (en) | Unidirectional text comparison |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW YORK Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BENT, GRAHAM A.;BERGAMASCHI, FLAVIO A.;CRAWFORD, JACK L.H.;AND OTHERS;REEL/FRAME:049776/0488 Effective date: 20171030 |
|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: AWAITING TC RESP., ISSUE FEE NOT PAID |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
LAPS | Lapse for failure to pay maintenance fees |
Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Lapsed due to failure to pay maintenance fee |
Effective date: 20240804 |